The Bank of Ghana has commissioned a Financial Industry Command Security Operations Centre (FICSOC) to help in the fight against cyber security threats and attacks in the country.
The centre is established as a threat intelligence sharing platform to coordinate cybersecurity efforts within the banking and financial industry.
It is aimed at supporting financial sector players to build cybersecurity resilience against threats.
The centre which was fully funded by the central bank is part of the requirements in the Cyber and Information Security Directive (2018) which was issued to support banking and financial industry players to implement critical information security controls.
It is structured in phases and would serve as a long-term financial sector Cybersecurity Emergency Response Team, working closely with the Cyber Security Authority.
In collaboration with the Ghana Association of Bankers, all the 23 commercial banks in the country have been connected to the FICSOC platform.
Real time visibility
Speaking at the commissioning of the centre, the Governor of the Bank of Ghana, Dr Ernest Addison, said the project would help provide real-time visibility into cyber threats and attacks targeting the banking sector.
He said the BoG and the Cyber Security Authority were collaborating to improve the cybersecurity posture in the banking sector.
In particular, he said the two institutions were discussing various ways to approach implementation of the Cybersecurity Act, 2020 (Act 1038) for the sector.
Dr Addison noted that three years ago, the central bank started working with the commercial banks as key external stakeholders to create a secure cybersecurity environment in the financial sector, the results of which had now materialised.
“In October 2018, the Bank of Ghana issued the Cyber and Information Security Directive (CISD) for banks and other Bank of Ghana-regulated financial institutions with the expectation that all regulated financial institutions would implement the required Information Security Management Systems (ISMS) controls to ensure the delivery of a safer digital financial Industry.
“The implementation of the Directive was phased over 36 months, and through effective monitoring and supervision among regulated banks,” he stated.
He said as these institutions worked towards full implementation of the directive, it became evident that the BoG had to establish an industry Security Information and Event Management (SIEM) system to enable those institutions implementing SIEMs to send logs/alerts, aggregate information and reports.
To achieve this, he said the central bank initiated FICSOC which is now completed and operational with reports/alerts in the form of threat intelligence provided to the banks to improve their incident response mechanisms.
Support BoG’s efforts
In his keynote address, Vice President, Dr Mahamudu Bawumia, said the government was committed to supporting BoG’s efforts in strengthening the cybersecurity landscape for the banking and financial services industry.
He said the central bank had over the years invested heavily to ensure that the digital financial industry remained safe and the commissioning of the FICSOC marked another milestone to firm up information security controls in reducing the impact of cyber threats on financial institutions.
“This will become one of the top national security facilities in the country and contribute to improving cybersecurity issues among financial sector institutions and beyond.
Use of technology
The Vice President noted that the use of digital technologies continues to transform business models of financial institutions with new revenue and value producing opportunities.
He said while these digital technologies support banking services and enable banking strategies, the underlining security vulnerabilities pose key cyber risks among these institutions.
He added that these risks may impair operational capabilities and threaten the viability of financial institutions.
“Likewise, the contagion of cyber risks in the financial system is heightened by the extent of interconnectedness and therefore any severe cyber-attack could threaten the stability of the financial system.
“The Basel committee on banking supervision, the primary global standard setter for the regulation of banks has recognised the evolving nature and scope of cyber risks and called upon banks to improve their resilience to cyber threats and incidence in line with the national cybersecurity strategy in their countries,” he pointed out.
He said the establishment of the FICSOC would therefore help banks in this regard.